Wikileaks released details of the CherryBlossom project a week ago. The firmware turns at least 25 models of commonly-used home routers into surveillance devices. According to Linksys, its purpose is to monitor, control and manipulate all in and outgoing traffic. It also permits the infection of other connected devices.

Linksys warned the firmware can be loaded onto a router via physical access to the device and proximity to it via wi-fi. Hardware may also be intercepted in transit before delivery to the end user.

The company has published a firmware update to rid its devices of the compromise It advises them to install the update and perform a factory reset, and disable features like Guest Access and Universal Plug and Play (UPnP) if they’re not being used